Decode your Certificate Signing Request (CSR)

Do you want to double-check that all of the information in your CSR is correct? Put your CSR into the form below, and the CSR Decoder tool will take care of the rest! 

When it comes to obtaining an SSL certificate issued, a Certificate Signing Request, or CSR, is one of the most important documents. When completing a CSR, you must provide correct and verifiable information. During the validation process, the Certificate Authority will compare the information to the information in the CSR, and the information in the CSR will be used to populate the SSL certificate that is issued. 

What is a CSR?

One of the first stages toward getting your SSL/TLS certificate is to create a certificate signing request (CSR). The CSR, generated on the same server where the certificate will be installed, provides information that the Certificate Authority (CA) will use to construct your certificate (e.g. common name, organization, and country). It also contains the public key that will be included in your certificate and the private key that will be used to sign it.

A CSR consists of three major components:

1. Your public key.
2. The fully-qualified domain name(s) you want to utilize your certificate.
3. Other information about you and your organization/website (including its legal name and the city/state/country in which it is registered).

Check the contents of your CSR

The Certificate Signing Request (CSR) Decoder tool decrypts the information in your CSR so you can check if it's accurate and current. You're likely renewing, and the detail in your CSR has changed or is no longer relevant. You must create a fresh CSR with precise information before submitting it to your CA in this scenario. 

Your Certificate Signing Request should start with:
-----BEGIN CERTIFICATE REQUEST-----
and end with:
-----END CERTIFICATE REQUEST-----
Note: There should be five dashes on either side of both prompts.
 

Most CSRs are created in the Base-64 encoded PEM format.
A PEM format CSR can be opened in a text editor and looks like the following example:

-----BEGIN CERTIFICATE REQUEST-----
MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w
HQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v
Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV
IlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr
WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J
cIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl
4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH
Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D
6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn
-----END CERTIFICATE REQUEST-----

Certificate signing request data:

• Country: Use the standard two-letter ISO country code for the country where your organization is located. For example, US or ZA
• State, province, or region: Use the full state or province name, without abbreviation. For example, California, not CA, and New Brunswick, not NB
• Locality: Use the city or town name, without abbreviation
• Organization or company: Use the full legal name of the organization or company that owns the domain name
• Department or organizational unit: Use the name of the department or organizational unit for the domain
• Common name (domain name): Enter the fully qualified domain name that visitors use to reach your website, without the http:// or https:// protocol element. For example, to secure https://www.example.com, enter www.example.com or *.example.com for a wildcard certificate
• Subject alternative name(s): Optional. Enter additional domain names, separated by commas, such as www.example.net, www.example.org. Adding additional domain names will generate a CSR appropriate for a UCC (Unified Communications Certificate) SSL certificate